MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b9d879ea6b4ca40c087b7cbd0474590bbca1f1dc788cb7689a96bbf0a044d4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 4b9d879ea6b4ca40c087b7cbd0474590bbca1f1dc788cb7689a96bbf0a044d4b
SHA3-384 hash: 63e6d4080324c56418858374e98693482059792478a2de231523bec90274a3cad10b2c1c54438434c17d38c51f1e17be
SHA1 hash: cb3c285015f81df9ec767f5680422b7acbc82048
MD5 hash: aab76a61e0fb29d9ebcce01b0f23f1cb
humanhash: grey-lima-maine-yankee
File name: DOCUSI~1.SCR
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-05-01 15:54:18 UTC
Last seen: 2020-05-01 15:55:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0c6d4ed2c2cb78c5812936a23608c98f (1 x GuLoader)
ssdeep: 768:MdZ1BuM1vagqrOnxrTQdSYyuumY/cXSYvFfvoMa:21agTTQLyuuf/QYh
Threatray: 163 similar samples on MalwareBazaar
TLSH: 27833BA5FAE4E577D2048BF55E3596E440637E300C428E13BAA57F2E6B32E02E5503E7
Reporter: cocaman
Tags: GuLoader scr

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-05-01 16:35:31 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  GuLoader
    Executable exe 4b9d879ea6b4ca40c087b7cbd0474590bbca1f1dc788cb7689a96bbf0a044d4b (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd